Corporations, government agencies, and personal users are suffering from wholesale data exfiltration, privacy breaches, and system downtime due to attacks from malicious software or malware. Networks often utilize a layered defense to malware attacks, which includes antivirus software, firewalls, and intrusion protection systems. Malware implants are often stored in a computer system without the knowledge or consent of the operator of the computer system. The majority of current network security solutions detect malware using heuristic signature-based detection. Signature-based detection consists of searching for known patterns of data in storage. Since signature-based detection systems focus on specific malware characteristics for discovery, such systems often require constant scanning of large amounts of data using host-based programs such as antivirus software that consume storage and processing resources of the computer system. Additionally, it is difficult for traditional signature-based detection systems to detect new malware that has not been analyzed and stored in a signature database. In some cases, a malware may lie dormant until it is remotely activated (e.g., to transmit data of the infected host to a remote location). A traditional malware detection system may be able to only detect the dormant malware only after it becomes active in memory and causes damage. Once malware or any other unwanted service has been identified, it is often difficult to effectively and efficiently stop the unwanted service. Therefore, there exists a need for a way to effectively and efficiently stop an unwanted service.